IBM joins government’s secure cloud list

The Bluemix platform as a service offering from IBM have been added to the government’s Certified Cloud Services List (CCSL), which is maintained by the Australian Signals Directorate.

The services was added to the CCSL this month. The list launched in 2015 alongside an update of the government’s Information Security Manual.

Being added to the list requires an Information Security Registered Assessors Program (IRAP) assessment of a cloud service.

The CCSL is aimed at boosting cloud adoption by reducing the amount of work that a government agency or department must undertake to assess whether the security of a particular cloud service is appropriate for a particular use.

Cloud services from Amazon and Microsoft were the first to be added to the list. That was followed by services from Macquarie Telecom, Vault Systems, Sliced Tech, and Salesforce.

Currently the services on the list are certified for use with Unclassified DLM data (data that is not classified but may be sensitive and is not intended for public release).

However, ASD-endorsed IRAP assesses can potentially provide assessments for use with PROTECTED, CONFIDENTIAL, SECRET and TOP SECRET data, and both the Department of Defence and cloud vendors expect higher levels of certification to eventually be added to the CCSL.

IBM launched SoftLayer data centres in Melbourne and Sydney in 2014 and 2015, respectively.